Google Safe Browsing Diagnostics Warning


stwired:
Interestingly enough, one of our sites was hacked and by using the Google Safe Browsing diagnostics it appears that MANY sites on Lunarpages have been hacked. Here's the report I got:
__________

Safe Browsing
Diagnostic page for AS15244 (ADDD2NET)

What happened when Google visited sites hosted on this network?

    Of the 26325 site(s) we tested on this network over the past 90 days, 3359 site(s), including, for example, haybe.com/, fatesend.org/, sahajayogamass.org/, served content that resulted in malicious software being downloaded and installed without user consent.

    The last time Google tested a site on this network was on 2009-08-20, and the last time suspicious content was found was on 2009-08-20.

Has this network hosted sites acting as intermediaries for further malware distribution?

    Over the past 90 days, we found 66 site(s) on this network, including, for example, zcool.cc/, deniztube.com/, diaoyu123.com/, that appeared to function as intermediaries for the infection of 168 other site(s) including, for example, haybe.com/, charmchina.cn/, yellowbookleads.com/.

Has this network hosted sites that have distributed malware?

    Yes, this network has hosted sites that have distributed malicious software in the past 90 days. We found 109 site(s), including, for example, i-site.ph/, zcool.cc/, sex3838.com/, that infected 475 other site(s), including, for example, atdianxun.com/, maswh.gov.cn/, v843.com/.

------------------------------

Most of these sites are hosted by Lunarpages if you look them up on domain whois. This cannot be the fault of individual computers, FTP programs - it seems to be the Lunarpages servers - perhaps a security hole/issue that needs to be looked into? We have Trend Micro security on all of our computers here and there are no keyloggers, trojans, viruses, et al. on these machines.

We have 2 sites on Lunarpages and only ONE was compromised with an iframe injection on an index page which has subsequently resulted in our site being blacklisted by Google for containing malware due to the hack. We fixed it but cannot get unblacklisted from Google until they review the site again.

We love Lunarpages when all is well... and most of the time it is and y'all are great - BUT... this potential security issue needs to be looked into by the staff there and not fobbed off onto the customers.

The last time we were hacked, Lunarpages let us know months after the attack (porn malware) that security/passwords had been compromised. Please check the Symra server and any other servers that people are reporting hacks on.

Thanks in advance for your attention to this matter!

bryantrv:
To a certain extent, I believe that's unavoidable. I mean if you look at http://www.google.com/safebrowsing/diagnostic?site=AS:15169   - Google themselves have a positive report. Pretty much *every* host will have a positive report.

Mitch:
I just merged these posts, and moved it over to the security section of the forums (will review the posts in a bit). As per the forum rules, please make sure you do not post duplicate threads multiple times, as it makes it hard for your fellow forum members here to be able to see where and how you have been answered. If you have any questions on how best to use our forums here, please check the forum rules and FAQ links in my forum signature.

Mitch:
Yeah, as bryantrv pointed out - looks like they are telling you what you already knew. Since you were subject to the iframe injection issue, this is mainly what happens once Google finds out about it. Once removed, give it a few days, and it should be removed. If Google drops you from search results, you can always use the Google Webmaster Tools set to ask to be re-indexed/re-listed, and it gives you a space to plead your case to Google.
